Operating System Deployment is one of the most utilized features of Microsoft System Center Configuration Manager 2007 (SCCM). Many companies are now planning to upgrade their machines from Windows XP to Windows 7 and will be using SCCM to do so. IT organizations may be new to SCCM or Windows 7 OS Deployment so this blog post provides some instruction on how to use SCCM to capture an image from a reference machine.

Why would you want to capture a Windows 7 image? It is possible to use SCCM to create a task sequence which installs the operating system, software updates, applications, etc, but by including those in the image itself can dramatically reduce the time it takes to deploy a machine. The downside of capturing everything in an image is that if something within the image must be removed or changed, a new image will have to be created. It is important for IT organizations to plan what is to be included in an image, and what is going to be installed after an image is restored to a machine. Many customers use a hybrid approach by creating an image which contains the OS, Office, patches, and other core applications and then installing drivers, other specialized applications and machine specific hardware applications later in a task sequence.

Note: This article will not cover how to setup SCCM as there is quite a bit of documentation which provides guidance on how to do so. Also, this article doesn’t address using SCCM and the PXE Service Point role to PXE boot clients. The reason is because setting up a PXE Service Point is fairly easy when clients are on the same subnet as the server, but when traversing subnets or VLANs, additional configuration is required, which exceeds the scope of this article.

Preparing for OSD

Unless you already have a Windows 7 image file, you can follow the below process to use an OSD task sequence to build and capture a Windows 7 reference machine.

Network Access Account

Since many functions in OSD are run in WinPE and require authentication, a Network Access Account (NAA) is required. The NAA should be a domain user account and only really needs read permissions. Leaving it in the Domain Users group should be sufficient. For more information on the Network Access Account click here.

At the “Source Files” screen, select “Always obtain files from a source directory” and then click Next.

At the Source Directory screen, select Local drive on site server and browse to <ConfigMgr Installation Folder>\Client and then click Next.

Click Finish at the Summary screen.

It is important to distribute the package to all distribution points. In the ConfigMgr console, expand the package for the Configuration Manager Client Upgrade, right-click the Distribution Points node, and select New Distribution Points.

Deploying Boot Images

In order for machines to use WinPE boot images, the boot images must be distributed to distribution points. The following section describes that process as well as configuring the boot images to allow for command prompt support. What is command prompt support? This setting allows you to press F8 at any time during a task sequence to open a command prompt. Command prompt support is usually used for troubleshooting purposes.

In the Configuration Manager console, navigate to Site Database / Computer Management / Operating System Deployment and expand the Boot Images node.

Right-click Boot image (x64) and then select Properties.

In the Boot image (x64) Properties dialog, select the Windows PE tab.

Check the box Enable command support (testing only) and then click OK.

You will be prompted with a dialog box stating that a “Distribution Point Update (is) Required” Click Yes.

The “Manage Distribution points Wizard” will appear, click Next to continue.

When the boot image update is completed, click Close.

Repeat the above steps for the Boot image (x86) package.

Once both boot images have been modified, expand each boot image, right-click Distribution Points and select New Distribution Point.

Click Next and at the “Copy Package” screen, select ALL distribution points. If a PXE Service Point has been installed, it is important to select the SMSPXEIMAGES$ share based distribution points as well.

Click Next to continue, and Close to complete the process.

Repeat the process for Boot image (x86).

Note: When boot images are updated the boot image is mounted and recompiled. During the recompilation, SCCM specific OSD files, drivers, and other settings are injected into the boot image.

Build and Capture a Windows 7 Reference Machine

Unless you already have a Windows 7 image file, you can follow the below process to use an OSD task sequence to build and capture a Windows 7 reference machine.

Preparing a Source File and Image Folder Structure

To complete the build and capture process, you will need to create a shared folder in which the OS and Image files are stored. Typically this share can be created on the SCCM server itself. This example uses the folder D:\OSDeploy.

As an example, create the following folders:

D:\OSDeploy

D:\OSDeploy\OSSource

D:\OSDeploy\OSSource\Windows7x86

D:\OSDeploy\OSImages

D:\OSDeploy\OSImages\Windows7x86

Note: A user account will be needed during the reference machine image capture. In this example, the Network Access Account is used.

Right-click the folder D:\OSDeploy folder and select Properties.

Select the Sharing tab and click Advanced Sharing.

Select the “Share this folder” check box and then select the Permissions button. Give the Everyone group Full Control and then click OK and OK again.

Adding the Operating System Install Package

In order to install Windows 7 on a reference machine, you will need to create an OS Installation Package. To do this, copy the entire contents of a Windows 7 DVD to the following folder: D:\OSDeploy\OSSource\Windows7x86.

In the Configuration Manager console, navigate to Site Database / Computer Management / Operating System Deployment/ Operating System Install Packages.

At the Copy Package screen, select your distribution points and then click Next. Note: If you happened to create a PXE Service Point, you will not need copy any other package files to the SMSPXEImages$ share, other than the boot image packages.

Click Close at the Confirmation screen.

Build and Capture a Windows 7 reference image

Creating a Task Sequence to Build and Capture a Windows 7 Reference Machine

The following task sequence will be used to install Windows 7 x86 on a reference machine, run system preparation, and then capture the drive as a WIM file. The instructions below will describe the process of creating a very basic WIM image which only contains the OS

In the Configuration Manager console, navigate to Site Database / Computer Management / Operating System Deployment and right-click the Task Sequences node and select New – Task Sequence.

At the New Task Sequence Wizard, in the Create a New Task Sequence screen, select Build and capture a reference operating system image and then click Next.

At the Edition field, use the drop-down to select image 5 – Windows 7 ULTIMATE.

You can leave the Product Key field empty as it can be provided later.

Select the option Always use the same administrator password and enter and confirm a password.

Click Next to continue.

At the Configure the Network screen, select Join a workgroup and enter the name WORKGROUP and then click Next

At the Install ConfigMgr Client screen, select Browse, and navigate to the Microsoft Configuration Manager Client Upgrade package which was created earlier and then click Next.

At the Include Updates in Image screen, select All software updates and click Next. Note: Unless the Software Update Point role has been installed, and Software Update deployments and packages have been created, the Install Updates task will not do anything.

At the Install Software Packages screen, click Next (unless you have created packages which you want installed as part of the task sequence).

At the System Preparation screen, there is no need to configure anything since Windows 7 includes system preparation tools. Click Next.

At the Image Properties screen, enter any additional information about the image. Click Next.

At the Capture Image Settings screen, enter the Path and filename to the OSDeploy share: \\servername\OSDeploy\OSImages\Windows7x86\ Windows7x86.WIM

In the Account field, click the Set… button. Enter the User name and password of the Network Access Account or the account which has permissions to write to the share defined. Enter and confirm the account password, and then click OK.

Validate that the settings are accurate in the Capture Image Settings screen, click Next.

At the “Summary” screen, click Next.

Click Close at the success screen.

Editing the Task Sequence

In the Configuration Manager console, select Task Sequences and locate the task sequence just created in the Details pane.

Advertise the Task Sequence to Unknown Computers

At the New Advertisement Wizard screen, in the Collection field, click Browse to select the All Unknown Computers collection.

If you are planning to use PXE Boot, check the box Make this task sequence available to boot media and PXE and then click Next.

At the Schedule screen, leave the default settings as the task sequence will be optional. Click Next.

At the Distribution Points screen, select the option: Access content directly from a distribution point when needed by the running task sequence and then click Next.

Click Next to the end of the wizard, leaving all default selections.

At the “Wizard Completed” screen, click Close.

Creating Task Sequence Boot Media

Now that you have a task sequence ready to go and advertised, you will need to acquire a reference machine, which can be virtual. If not using PXE Boot, you will need to generate and create boot media such as a boot CD or USB stick.

In the Configuration Manager console, navigate to Site Database / Computer Management / Operating System Deployment and right-click the Task Sequences node and in the context menu select Create Task Sequence Media.

At the Media Type screen select CD/DVD set and in the Media file field, enter the path and name of your bootable media, such as C:\OSDx86Boot.iso. Click Next to continue.

At the Security screen, leave Enable unknown computer support checked. If you want to be prompted to enter a password at boot image, leave Protect media with a password selected and enter and confirm a Password. Click Next to continue.

At the Boot Image dialog, select Browse to select the Boot image (x86) 6.1.7600.16385 en-US image and click OK. Click Next to continue and Next again to start the process. Click Close.

Copy the file C:\OSDx86Boot.iso to a machine with a CD Burner, and burn the ISO image to a CD.

Note: In Windows 7 you can simply right-click the file and select Burn disc image.

Build and Capture a Reference Machine

The boot CD will be used to boot your reference machine and connect to the SCCM server. Put in the CD and boot the machine to the CD. It is assumed that DHCP is implemented on your network.

After booting to the Boot media, you may be prompted to enter a password if you selected that option earlier. If so, enter the password and click Next.

At this point, the task sequence will start. The system will reboot several times and the process may take up to 30-45 minutes. Note: You may be prompted during the process to enter a product key. If you entered it in the task sequence wizard you won’t be prompted. Click

Click Next to continue. A product key doesn’t need to be entered.

Once the process is complete, the machine should be at the Windows screen. On the site server, verify that the WIM file has been created under:

Deploying the Windows 7 WIM Image

At this point, you have successfully created a Windows 7 x86 image of a reference machine. You may want to go through the process again to add other application packages, software updates, etc. If you want to continue with just an OS based image, you can import it into SCCM by creating an OS Image Package.

Create an OS Image Package from WIM

Now that you have a captured WIM file of a Windows 7 x86 image, you can create a new task sequence to deploy it to other machines.

Open the Configuration Manager console and navigate to Site Database / Computer Management / Operating System Deployment.

Right-click Operating System Images and select Add Operating System Image.

At the “Add Operating System Image Wizard” enter the UNC path for the WIM image just created. \\servername\OSDeploy\OSImages\Windows7x86\ Windows7x86.WIM

Click Next to continue.

At the General screen provide a descriptive name such as Microsoft Windows 7 x86 Image, specify a version number and comment if desired and then click Next.

Click Next and then Close to complete the wizard.

You will see the new image under the Operating System Images node. Expand the image package, right-click the Distribution Points node and select New Distribution Points.

At the New Distribution Points Wizard, click Next.

At the Copy Packages screen, select your distribution points. As mentioned before, if a PXE Service Point has been installed, you don’t need to send the package to the SMSPXEImages$ share based distribution point.

Conclusion

Now that you have captured a Microsoft Windows 7 image and imported it as an Operating System Image in Configuration Manager, you can deploy that image by creating other task sequences. By right-clicking Task Sequences – New Task Sequence you can use some of the built in wizards to deploy your new Windows 7 image.

This article is very clear but I have been struggling with PXE Boot (which is a critical need in our organizations). We have a separate DHCP and the SCCM server is on a different subnet. My client computers are able to boot and receive IP addresses from the DHCP server however when it comes to booting I have received a number of different errors during my troubleshooting. Initially an ACL was causing an issue but that has since been corrected. Now I get the following errors:

PXE-T04: Access Violation

PXE-E36: Error received from TFTP Server

PXE-M0F: Exiting Broadcom PXE ROM

I have further tested access to the tftp server using the following command:

tftp -i serverip GET \SMSBOOT\x86\wdsnbp.com

and the result is a timeout message and the file does not download. To confirm that the path is correct I examined the registry entries associated with WDS TFTP and SMSBOOT and BOOT are both listed as well as several other locations. Additionally if I use the GET command and specify a nonexistant file I get a file not found error. This leads me to believe that TFTP can see the wdsnbp.com file but that for some reason it cannot download it. I checked with the infrastructure administrator and he confirmed that the BOOTP path matches my designated path for TFTP and that traffic is allowed on UDP port 69. I would be great if someone could provide some additional guidance or even some information on how I can track more detail on these errors.